Peer-to-Peer networks comprise multiple nodes, each node typically consisting both of file server and client which can send and receive data or “Communication messages” to or from a node to which such is connected and other nodes on the network. Common Peer-to-Peer networks and software applications are Gnutella, FastTrack, Edonkey, NeoNet, Kazaa, Limewire, Morpheus, Bear Share, Bit Torrent, Shareaza, Emule, and Freenet.
In a Peer-to-Peer network, each node is connected to other nodes over a communication medium such as the Internet either directly or through some type of proxy. For example, when a search request is issued such originating node sends a search request to all of the nodes to which it is connected. (See FIG. 1) These nodes search their list of available files and if a match is found they send a response back with the location. However, a Peer-to-Peer proxy network typically consists of node A which is connected to a node B and node B is connected to a node C. (See FIG. 2) Node A is not connected to node C such that if node A issues a search request it will be forwarded to node B and Node B will search its available files and if a match is found it will send a response back to node A. Node B will then forward node A's request to node C and Node C will search its available files and if a match is found it will send a response back to node B. Node B will then forward this response to node A. FIG. 3 discloses a nonproxy loop network wherein each node is directly connected to another.
Some Peer-to-Peer networks utilize a leaf node/main node proxy topology (see FIG. 4) where some nodes are classified as main nodes and the remaining nodes are classified as leaf nodes. Leaf nodes can only connect to main nodes. Only main nodes can connect to other main nodes. When a leaf node issues a search request it sends the request to the main node to which it is connected. The main node then forwards the request to any other leaf nodes that are connected to it and also to any main nodes to which it is connected. These main nodes forward the request to any leaf nodes that are connected to them.
A Peer-to-Peer network is used to share files among its users. They are commonly used to share and acquire copyrighted music, movies, ebooks, and software but can be used to share and acquire almost any other type of file. To access a Peer-to-Peer network, a user installs a Peer-to-Peer network software application that is capable of connecting to and utilizing the Peer-to-Peer network, much the same way that a user installs a web browser, such as Internet Explorer, to access the World Wide Web.
Organizations are placed at legal risk by Peer-to-Peer network usage by their employees if an employee installs a Peer-to-Peer network software application onto their work PC and utilizes the Peer-to-Peer network to acquire copyrighted works. Peer-to-Peer network usage also consumes a lot of network bandwidth because the commonly transferred files are large software and movie files. This places bandwidth burdens on an organization's computer network. Even though it is normally a violation of corporate policy to have a Peer-to-Peer network software application installed, employees still install these applications.
When installing a Peer-to-Peer network software application, the user must select a folder on their computer system in which to store any downloaded files. For the purposes of clarification, a “folder” is used to organize files on a computer system, also known as a “directory.” Any files placed into this folder are also made available to other users. This folder is often called the “Shared Folder”. For instance, if user #1 (on a first network node) places a file named “foofile” in their shared folder, user #2 (on a second network node) would then be able to access and download the file. Depending on the Peer-to-Peer network software application used, the user can also select additional folders to make available to other users of the network.
For whatever reason, users sometimes select as their shared folder a folder that contains sensitive information or information they do not otherwise wish to share or they may later begin to place sensitive information or information they do not otherwise wish to share into their shared folder by mistake. Usually this action is done by mistake and unknowingly by the user but sometimes it is done by a malicious person or virus. Sometimes the Peer-to-Peer network software application has a software bug that permits the sharing of files and folders that the user never intended to be shared. Unintended (or malicious) sharing of information may be detrimental the user, the organization they work for, or even to national security. It would therefore be advantageous to be able to locate computers with Peer-to-Peer network software applications installed so that such applications can be assessed or removed.
There are hundreds if not thousands of different Peer-to-Peer network software applications with each having its own set of attributes. Current detection methods concentrate on 1) identifying the presence of each of these different Peer-to-Peer network software applications on a computer system or 2) the placement of a hardware/software based inline filter between the computer system and Internet to detect Peer-to-Peer network communications by looking for their protocols, monitoring for downloads, or increased bandwidth usage.
As Peer-to-Peer network software applications are created or current ones change, detecting the presence of a specific Peer-to-Peer network software application on a computer system or monitoring for Peer-to-Peer network communication on the organization's network becomes increasing challenging.
The method of identifying the presence of Peer-to-Peer network software applications on a computer system entails creating a software “blueprint” of each Peer-to-Peer network software application and checking to see if this blueprint exists on a target computer system. Virus scanning software works in the same way, in that a blueprint of the virus is created and then checked against each file on a target computer system. Using a software blueprint to detect Peer-to-Peer network software applications is successful only if the Peer-to-Peer network software application is known and an accurate blueprint has been created. Each time a new Peer-to-Peer network software application is created a new blueprint must be created and there is an inherent lag in protection during the development of the software blueprint. Furthermore, when a Peer-to-Peer network software application is upgraded or changed because of new developments, a Peer-to-Peer network software application blueprint may no longer be valid. This leaves an organization exposed.
Inline filters detect Peer-to-Peer network usage by monitoring network communications on the organization's network and comparing the communications to known Peer-to-Peer network protocols. Using a protocol comparison method to detect Peer-to-Peer network software application only works if the Peer-to-Peer network software application's protocol is known. Each time a new Peer-to-Peer network software application is created the inline filter must be upgraded to look for the new protocol or data. Furthermore, when a Peer-to-Peer network software application is upgraded or changed because of new developments, the comparison filter that the inline filter uses may no longer be valid. Inline filters also do not work on Peer-to-Peer networks in which the communications between users is encrypted. This leaves an organization exposed.